SONAR.Cryptlck!g109 – Research Report

The creators of Ransom.Cryptolocker released another variant on October 06, which has been detected as SONAR.Cryptlck!g109. It is a Trojan horse that encrypts files on the infected computer and then prompts the victim to buy a "super password" to decrypt them. In practice this trojan behaves like a ransomware program, but PC security experts categorized it as a Trojan after its initial analysis. SONAR.Cryptlck!g109 mostly lands on a PC via spam emails that contain the RIG exploit kit or other malicious scripts. When the trojan is executed, it creates {GUID}.EXE in the %AppData% folder, locks the PC screen, encrypts saved files and then shows a ransom demand. The ransom message shown on the desktop contains the following text:

“The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files. To obtain the private key for this computer, which will automatically decrypt files, you need to pay.”

This crypto-trojan accepts online payments via Bitcoin, cashU, Ukash, Paysafecard and Moneypack, in case the victim has no other option than buying the decryption key. Source code analysis revealed that it is programmed to lock more than a hundred types of files, which may include database files, audio, video and other documents. It has also been confirmed that this trojan horse attempts to contact more than two hundred questionable websites, such as 184.164.136.134, apvfgtlwxopblx.biz, aunuqtdksfwusw.ru, bdlsmdixygytss.co.uk, belylsfdytbhfd.net and bssqyerxiihsnl.ru.

Protection tactics against SONAR.Cryptlck!g109 strike

If you want to protect your PC against this trojan, you have to be extremely cautious. Do not open a suspicious email attachment just to settle your suspicion, because the attachment may contain an exploit kit that installs the SONAR.Cryptlck!g109 trojan onto your system without your knowledge. If you really need to open a spam email attachment, it is better to download it and scan it with a highly efficient antivirus program first. Otherwise, delete such spam emails from your inbox immediately.

This trojan poses a direct threat to your privacy and causes data loss. Therefore, all victims are advised to get rid of SONAR.Cryptlck!g109 as soon as possible.
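
The report states that the trojan drops a {GUID}.EXE file in %AppData%. The following Python script is an added example, not part of the original report: it walks a directory tree and lists executables whose names have that shape, as a triage lead rather than proof of infection. The GUID format (canonical 8-4-4-4-12 hex, braces optional), the function names and the sample file names are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: "{GUID}.EXE" means a canonical 8-4-4-4-12 hex GUID, with or
# without the surrounding braces, followed by .exe (case-insensitive).
GUID_EXE = re.compile(
    r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\.exe$", re.IGNORECASE
)


def find_guid_executables(root):
    """Return sorted paths under root whose file name looks like {GUID}.EXE."""
    hits = []
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if GUID_EXE.match(name):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def demo():
    """Scan a constructed directory tree and return the matching file names."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Vendor").mkdir()
        constructed = [
            "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}.EXE",  # GUID-named executable
            "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}.txt",  # GUID name, not an .exe
            "Vendor/updater.exe",                          # ordinary executable
            "notes-3F2504E0.exe",                          # partial GUID only
        ]
        for name in constructed:
            (base / name).write_bytes(b"")
        return [p.name for p in find_guid_executables(base)]


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # set on Windows; absent elsewhere
    if appdata:
        for path in find_guid_executables(appdata):
            print(path)
    else:
        print(demo())
```

Legitimate software occasionally uses GUID-style file names too, so check any hit's creation time, signature and antivirus verdict before acting on it.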